starting_luid, starting_ruid, starting_euid, starting_rgid, starting_egid, is_starting_luid, is_starting_ruid, is_starting_euid, is_starting_rgid, is_starting_egid, set_auth_parameters, check_auth_parameters - Get or check user or group IDs (Enhanced Security)
Security Library (libsecurity.so)
#include <sys/types.h> #include <sys/security.h> #include <prot.h>
The identity functions provide a way to recall the IDs of a process at the time the program started. They are useful when interrogating the invoking environment of a program after any setuid() or setgid() calls have been made so that the original environment can be captured.
The starting_luid() function returns the login UID for the process. The login UID is the immutable stamp for the process and accurately denotes the account under which the session is being run, regardless of subsequent setuid() calls.
The starting_ruid() function returns the real UID for the process as it was set in the beginning of the program. Similarly, starting_euid() returns the effective UID, starting_rgid() returns the real GID, and starting_egid() returns the effective GID. These IDs may not be the same as those returned by getuid(), geteuid(), getgid(), or getegid(), respectively, because intervening calls to setuid() or setgid() can change them depending on the process's privileges.
The is_starting_luid() function returns a value of 1 if the argument is the same as the login UID at the time when set_auth_parameters() was invoked; otherwise, it returns a value of 0 (zero). Similarly, The is_starting_ruid() function returns 1 if the argument is the same as the real UID at the time when set_auth_parameters() was invoked, and 0 otherwise. The is_starting_euid() function returns 1 if the argument is the same as the effective UID at the time when set_auth_parameters() was invoked, and 0 otherwise. The is_starting_rgid() function returns 1 if the argument is the same as the real GID at the time when set_auth_parameters() was invoked, and 0 otherwise. The is_starting_egid() function returns 1 if the argument is the same as the effective GID at the time when set_auth_parameters() was invoked, and 0 otherwise.
The set_auth_parameters() function is used to retain the IDs for future lookup. It also tests the kernel to see if the security features have been loaded. If not, the program exists with an error message. It should be called first in a program or there is a chance that it will capture an environment different from the conditions at the program start. The two arguments are the argument count and vector with which the program was called. The check_auth_parameters() function verifies that set_auth_parameters() has been previously invoked. If not, the program exits.
Programs must call set_auth_parameters() before any other action in main(). The program must always call set_auth_parameters(argc,argv) before doing anything that changes argc or argv; the other functions in identity.c depend on this happening. The argc parameter must be at least 1.
Programs using these functions must be compiled with -lsecurity.
Functions: getuid(2), getgid(2), setuid(2), setgid(2). delim off